SUSE-IU-2024:225-1: Security update of sles-15-sp5-chost-byos-v20240209-arm64

sle-container-updates at lists.suse.com
Mon Feb 12 16:15:17 UTC 2024


SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20240209-arm64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:225-1
Image Tags        : sles-15-sp5-chost-byos-v20240209-arm64:20240209
Image Release     : 
Severity          : important
Type              : security
References        : 1107342 1183663 1193173 1196293 1211188 1211190 1211547 1214668
                        1215241 1215434 1216049 1216388 1216390 1216522 1216827 1217000
                        1217237 1217287 1217460 1217952 1218126 1218186 1218201 1218209
                        1218282 1218475 1218561 1218571 1218571 1218739 1218765 1218799
                        1218894 1219123 1219189 1219238 CVE-2023-1667 CVE-2023-2283 CVE-2023-48795
                        CVE-2023-6004 CVE-2023-6918 CVE-2023-7207 CVE-2023-7207 CVE-2024-21626
                        CVE-2024-22365 
-----------------------------------------------------------------

The container sles-15-sp5-chost-byos-v20240209-arm64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:105-1
Released:    Mon Jan 15 15:41:05 2024
Summary:     Recommended update for grub2 and efibootmgr
Type:        recommended
Severity:    important
References:  1217237
This update for grub2 and efibootmgr fixes the following issues:

grub2:

- Deliver missing grub2-arm64-efi and grub2-powerpc-ieee1275 to SUSE Manager 4.3 (no source changes) (bsc#1217237)

efibootmgr:

- Deliver missing efibootmgr to SUSE Manager 4.3 (no source changes) (bsc#1217237)


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:136-1
Released:    Thu Jan 18 09:53:47 2024
Summary:     Security update for pam
Type:        security
Severity:    moderate
References:  1217000,1218475,CVE-2024-22365
This update for pam fixes the following issues:

- CVE-2024-22365: Fixed a local denial of service during PAM login
  due to a missing check during path manipulation (bsc#1218475).
- Check localtime_r() return value to fix crashing (bsc#1217000) 

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:140-1
Released:    Thu Jan 18 11:34:58 2024
Summary:     Security update for libssh
Type:        security
Severity:    important
References:  1211188,1211190,1218126,1218186,1218209,CVE-2023-1667,CVE-2023-2283,CVE-2023-48795,CVE-2023-6004,CVE-2023-6918
This update for libssh fixes the following issues:

Security fixes:

  - CVE-2023-6004: Fixed command injection using proxycommand (bsc#1218209)
  - CVE-2023-48795: Fixed potential downgrade attack using strict kex (bsc#1218126)
  - CVE-2023-6918: Fixed missing checks for return values of MD functions (bsc#1218186)
  - CVE-2023-1667: Fixed NULL dereference during rekeying with algorithm guessing (bsc#1211188)
  - CVE-2023-2283: Fixed possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190)

Other fixes:

- Update to version 0.9.8
  - Allow @ in usernames when parsing from URI composes

- Update to version 0.9.7
  - Fix several memory leaks in GSSAPI handling code

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:161-1
Released:    Thu Jan 18 18:40:46 2024
Summary:     Recommended update for dpdk22
Type:        recommended
Severity:    moderate
References:  

This update of dpdk22 fixes the following issue:

- DPDK 22.11.1 is shipped to SLE Micro 5.5. (jsc#PED-7147)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:187-1
Released:    Tue Jan 23 13:38:00 2024
Summary:     Recommended update for python-chardet
Type:        recommended
Severity:    moderate
References:  1218765
This update for python-chardet fixes the following issues:

- Fix update-alternative in %postun (bsc#1218765)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:214-1
Released:    Wed Jan 24 16:01:31 2024
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1214668,1215241,1217460
This update for systemd fixes the following issues:

- resolved: actually check authenticated flag of SOA transaction
- core/mount: Make device deps from /proc/self/mountinfo and .mount unit file exclusive
- core: Add trace logging to mount_add_device_dependencies()
- core/mount: Remove default deps from /proc/self/mountinfo when it is updated (bsc#1217460)
- core/mount: Set Mount.from_proc_self_mountinfo flag before adding default dependencies
- core: wrap some long comment
- utmp-wtmp: Handle EINTR gracefully when waiting to write to tty
- utmp-wtmp: Fix error in case isatty() fails
- homed: Handle EINTR gracefully when waiting for device node
- resolved: Handle EINTR returned from fd_wait_for_event() better
- sd-netlink: Handle EINTR from poll() gracefully, as success
- varlink: Handle EINTR gracefully when waiting for EIO via ppoll()
- stdio-bridge: Don't be bothered with EINTR
- sd-bus: Handle EINTR return from bus_poll() (bsc#1215241)
- core: Replace slice dependencies as they get added (bsc#1214668)


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:219-1
Released:    Wed Jan 24 19:43:28 2024
Summary:     Recommended update for rsyslog
Type:        recommended
Severity:    moderate
References:  1218799
This update for rsyslog fixes the following issues:

- suppress installation errors when systemd is not running (bsc#1218799)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:238-1
Released:    Fri Jan 26 10:56:41 2024
Summary:     Security update for cpio
Type:        security
Severity:    moderate
References:  1218571,CVE-2023-7207
This update for cpio fixes the following issues:

- CVE-2023-7207: Fixed a path traversal issue that could lead to an
  arbitrary file write during archive extraction (bsc#1218571).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:254-1
Released:    Fri Jan 26 17:19:30 2024
Summary:     Recommended update for containerd
Type:        recommended
Severity:    moderate
References:  1217952
This update for containerd fixes the following issues:

- Fix permissions of address file (bsc#1217952)
- Update to version 1.7.10

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:295-1
Released:    Thu Feb  1 08:23:17 2024
Summary:     Security update for runc
Type:        security
Severity:    important
References:  1218894,CVE-2024-21626
This update for runc fixes the following issues:

Update to runc v1.1.11:

- CVE-2024-21626: Fixed container breakout. (bsc#1218894)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:305-1
Released:    Thu Feb  1 17:33:38 2024
Summary:     Security update for cpio
Type:        security
Severity:    moderate
References:  1218571,1219238,CVE-2023-7207
This update for cpio fixes the following issues:

- Fixed cpio not extracting correctly when using the --no-absolute-filenames option after the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:306-1
Released:    Thu Feb  1 17:58:09 2024
Summary:     Recommended update for python-instance-billing-flavor-check
Type:        recommended
Severity:    moderate
References:  1218561,1218739
This update for python-instance-billing-flavor-check fixes the following issues:

- Support proxy setup on the client to access the update infrastructure API (bsc#1218561) 
- Add IPv6 support (bsc#1218739) 

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:322-1
Released:    Fri Feb  2 15:13:26 2024
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1107342,1215434
This update for aaa_base fixes the following issues:

- Set JAVA_HOME correctly (bsc#1107342, bsc#1215434)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:427-1
Released:    Thu Feb  8 12:56:57 2024
Summary:     Recommended update for supportutils
Type:        recommended
Severity:    moderate
References:  1183663,1193173,1196293,1211547,1216049,1216388,1216390,1216522,1216827,1217287,1218201,1218282
This update for supportutils fixes the following issues:

- Update to version 3.1.28
- Correctly detects Xen Dom0 (bsc#1218201)
- Fixed smart disk error (bsc#1218282)
- Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173)
- Added missing klp information to kernel-livepatch.txt (bsc#1216390)
- Fixed plugins creating empty files when using supportconfig.rc (bsc#1216388)
- Provides long listing for /etc/sssd/sssd.conf (bsc#1211547)
- Optimize lsof usage (bsc#1183663)
- Collects chrony or ntp as needed (bsc#1196293)
- Fixed podman display issue (bsc#1217287)
- Added nvme-stas configuration to nvme.txt (bsc#1216049)
- Added timed command to fs-files.txt (bsc#1216827)
- Collects zypp history file issue#166 (bsc#1216522)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:444-1
Released:    Fri Feb  9 16:39:32 2024
Summary:     Security update for suse-build-key
Type:        security
Severity:    important
References:  1219123,1219189
This update for suse-build-key fixes the following issues:

This update runs an import-suse-build-key script.

The previous libzypp-post-script based installation is replaced
with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777).
  - suse-build-key-import.service
  - suse-build-key-import.timer

It imports the future SUSE Linux Enterprise 15 4096-bit RSA primary and reserve keys.
After a successful import, the timer is disabled.

To manually import them you can also run:

# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc

Bugfix added since last update:

- run rpm commands in import script only when libzypp is not 
  active. bsc#1219189 bsc#1219123


The following package changes have been made:

- aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 updated
- containerd-ctr-1.7.10-150000.106.1 updated
- containerd-1.7.10-150000.106.1 updated
- cpio-2.13-150400.3.6.1 updated
- efibootmgr-17-150400.3.2.2 updated
- kernel-default-5.14.21-150500.55.44.1 updated
- libblkid1-2.37.4-150500.9.3.1 updated
- libfdisk1-2.37.4-150500.9.3.1 updated
- libfstrm0-0.6.1-150300.9.5.1 updated
- libmount1-2.37.4-150500.9.3.1 updated
- libsmartcols1-2.37.4-150500.9.3.1 updated
- libssh-config-0.9.8-150400.3.3.1 updated
- libssh4-0.9.8-150400.3.3.1 updated
- libsystemd0-249.17-150400.8.40.1 updated
- libudev1-249.17-150400.8.40.1 updated
- libuuid1-2.37.4-150500.9.3.1 updated
- pam-1.3.0-150000.6.66.1 updated
- python-instance-billing-flavor-check-0.0.6-150000.1.9.1 updated
- python3-chardet-3.0.4-150000.5.3.1 updated
- rsyslog-module-relp-8.2306.0-150400.5.27.1 updated
- rsyslog-8.2306.0-150400.5.27.1 updated
- runc-1.1.11-150000.58.1 updated
- supportutils-3.1.28-150300.7.35.24.1 updated
- suse-build-key-12.0-150000.8.40.1 updated
- suse-module-tools-15.5.4-150500.3.9.1 updated
- suseconnect-ng-1.6.0~git0.31371c8-150500.3.12.1 updated
- systemd-sysvinit-249.17-150400.8.40.1 updated
- systemd-249.17-150400.8.40.1 updated
- udev-249.17-150400.8.40.1 updated
- util-linux-systemd-2.37.4-150500.9.3.1 updated
- util-linux-2.37.4-150500.9.3.1 updated
- xen-libs-4.17.3_04-150500.3.21.1 updated

